In a distributed computing network, software is installed on devices connected in the network. As users become familiar with the software running on their computers, they often alter the configuration of software to personalize it, secure it, etc. For example, a user may wish to change the appearances of the graphical user interface (GUI) for particular software, while another user may wish to set a specific timer for the screen saver program. A third user may wish to configure the media player appearance mode by hiding the media player toolbar and so forth.
While software may be personalized or customized to suit each user's taste or preference, network administrators typically wish to configure all software installed on each of the devices in the network with identical or uniform configurations. A uniform configuration not only makes deployment of the software more convenient, it also makes troubleshooting and maintenance tasks easier.
Typically, network administrators, information technology (IT) managers, and the like (collectively referred to as “IT management”) create a management policy that includes the intention and the goal of the IT management. Each individual device or system is responsible for regulating itself to comply with the policy. Currently, the IT management may create a policy rule, such as activating the screen saver program after a computer is idle for fifteen minutes, to be deployed to the computer. The IT management may place the policy in a policy authority, of which some embodiments may refer to as a policy authority, and the policy authority periodically broadcasts a notification to the computer indicating a policy is to be received. The computer would need to be in an active connection with the policy authority for the policy to be executed on the computer.
In another practice, the policy authority may notify a listening component of the computer indicating that a policy is to be downloaded. Once an active connection is made with the policy authority, the computer downloads the policy and saves the policy in a memory area of the computer to be executed with or without having an active connection with the policy authority.
While these practices have been sufficient for performing certain tasks such as deployment of policies managing the software configuration, there are drawbacks. For example, some of the devices to be managed in the network may be complex and may need a customized format or syntax for the policy expression or rules. Therefore, a special set of policies may be required.
Another shortfall includes that, after the policy is deployed, the IT management lacks the ability to determine whether similar policies for the same target device create a conflict. For example, suppose an IT management staff A creates a policy for configuring the screen saver program to be activated after 15 minutes while, at the same time, another IT management staff B attempts to create a different policy for 20 minutes for the screen saver activation time. At the time of deployment, the IT management staff A would not know there might be a conflict with the different policy created by the IT management staff B. For the target device, the software would just adopt the policy from both and keeps on changing the configuration. Alternatively, a hardcoded rule, such as based on the time when the rules are received, may choose that the policy created by the IT management staff A overrides the policy by the IT management staff B.
Additionally, existing policies are imperative in which each of the policies are a set of instructions that the target devices of the policies is supposed to execute. The existing policy deployment framework also lacks a feedback loop wherein the target device of a policy can report its compliance with that policy to the policy authority or the IT management staff.